Merge pull request #175 from dciabrin/memcached-tls

Add TLS support for memcached

Author: openshift-merge-bot[bot]

apis/bases/memcached.openstack.org_memcacheds.yaml

@@ -53,6 +53,17 @@ spec:
                 description: Size of the memcached cluster
                 format: int32
                 type: integer
+              tls:
+                description: TLS settings for memcached service
+                properties:
+                  caBundleSecretName:
+                    description: CaBundleSecretName - holding the CA certs in a pre-created
+                      bundle file
+                    type: string
+                  secretName:
+                    description: SecretName - holding the cert, key for the service
+                    type: string
+                type: object
             required:
             - containerImage
             type: object
@@ -102,6 +113,11 @@ spec:
                   - type
                   type: object
                 type: array
+              hash:
+                additionalProperties:
+                  type: string
+                description: Map of hashes to track input changes
+                type: object
               readyCount:
                 description: ReadyCount of Memcached instances
                 format: int32

apis/memcached/v1beta1/memcached_types.go

@@ -18,6 +18,7 @@ package v1beta1
 
 import (
 	condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/util"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -39,10 +40,18 @@ type MemcachedSpec struct {
 	// +kubebuilder:default=1
 	// Size of the memcached cluster
 	Replicas *int32 `json:"replicas"`
+
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// TLS settings for memcached service
+	TLS tls.SimpleService `json:"tls,omitempty"`
 }
 
 // MemcachedStatus defines the observed state of Memcached
 type MemcachedStatus struct {
+	// Map of hashes to track input changes
+	Hash map[string]string `json:"hash,omitempty"`
+
 	// ReadyCount of Memcached instances
 	ReadyCount int32 `json:"readyCount,omitempty"`
 

apis/memcached/v1beta1/memcached_webhook.go

@@ -85,7 +85,7 @@ func (r *Memcached) ValidateCreate() (admission.Warnings, error) {
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *Memcached) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+func (r *Memcached) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) {
 	memcachedlog.Info("validate update", "name", r.Name)
 
 	// TODO(user): fill in your validation logic upon object update.

apis/memcached/v1beta1/zz_generated.deepcopy.go

@@ -38,7 +38,7 @@ const (
 )
 
 func getNetConfig(
-	c client.Client,
+	_ client.Client,
 	obj metav1.Object,
 ) (*NetConfig, error) {
 	// check if NetConfig is available
@@ -62,7 +62,7 @@ func getNetConfig(
 }
 
 func getIPSets(
-	c client.Client,
+	_ client.Client,
 	obj metav1.Object,
 ) (*IPSetList, error) {
 	// check if IPSet is available

apis/network/v1beta1/common_webhook.go

@@ -79,7 +79,7 @@ func (r *DNSMasq) ValidateCreate() (admission.Warnings, error) {
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *DNSMasq) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+func (r *DNSMasq) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) {
 	dnsmasqlog.Info("validate update", "name", r.Name)
 
 	// TODO(user): fill in your validation logic upon object update.

apis/network/v1beta1/dnsmasq_webhook.go

@@ -19,7 +19,7 @@ package v1beta1
 import (
 	"testing"
 
-	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega" //revive:disable:dot-imports
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -448,7 +448,7 @@ func TestIPSetUpdateValidation(t *testing.T) {
 			g := NewWithT(t)
 			basePath := field.NewPath("spec")
 
-			new := &IPSet{
+			newCfg := &IPSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "foo",
 				},
@@ -459,12 +459,12 @@ func TestIPSetUpdateValidation(t *testing.T) {
 
 			allErrs := valiateIPSetNetwork(tt.newSpec.Networks, basePath, &tt.n)
 			if len(allErrs) > 0 {
-				err = apierrors.NewInvalid(GroupVersion.WithKind("IPSet").GroupKind(), new.Name, allErrs)
+				err = apierrors.NewInvalid(GroupVersion.WithKind("IPSet").GroupKind(), newCfg.Name, allErrs)
 			}
 
 			allErrs = valiateIPSetChanged(tt.newSpec.Networks, tt.oldSpec.Networks, basePath)
 			if len(allErrs) > 0 {
-				err = apierrors.NewInvalid(GroupVersion.WithKind("IPSet").GroupKind(), new.Name, allErrs)
+				err = apierrors.NewInvalid(GroupVersion.WithKind("IPSet").GroupKind(), newCfg.Name, allErrs)
 			}
 
 			if tt.expectErr {

apis/network/v1beta1/ipset_webhook_test.go

@@ -265,6 +265,8 @@ func valiateUniqElement(
 }
 
 // CIDRs must be uniq, while its possible to have same CIDR on different VLANs, we exlude this config
+//
+//lint:ignore U1000 valiateUniqCIDR
 func valiateUniqCIDR(
 	netCIDRs map[int]map[string]field.Path,
 	vlan *int,

apis/network/v1beta1/netconfig_webhook.go

@@ -19,7 +19,7 @@ package v1beta1
 import (
 	"testing"
 
-	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega" //revive:disable:dot-imports
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -1554,10 +1554,9 @@ func TestNetConfigValidation(t *testing.T) {
 			basePath := field.NewPath("spec")
 
 			if tt.expectErr {
-				g.Expect(len(valiateNetworks(tt.c.Spec.Networks, basePath))).Should(BeNumerically(">", 0))
+				g.Expect(valiateNetworks(tt.c.Spec.Networks, basePath)).ShouldNot(BeEmpty())
 			} else {
-				g.Expect(len(valiateNetworks(tt.c.Spec.Networks, basePath))).Should(BeNumerically("==", 0))
-
+				g.Expect(valiateNetworks(tt.c.Spec.Networks, basePath)).Should(BeEmpty())
 			}
 		})
 	}
@@ -1781,7 +1780,7 @@ func TestNetConfigUpdateValidation(t *testing.T) {
 			g := NewWithT(t)
 			basePath := field.NewPath("spec")
 
-			new := &NetConfig{
+			newCfg := &NetConfig{
 				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "foo",
 				},
@@ -1792,12 +1791,12 @@ func TestNetConfigUpdateValidation(t *testing.T) {
 
 			allErrs := valiateNetworks(tt.newSpec.Networks, basePath)
 			if len(allErrs) > 0 {
-				err = apierrors.NewInvalid(GroupVersion.WithKind("NetConfig").GroupKind(), new.Name, allErrs)
+				err = apierrors.NewInvalid(GroupVersion.WithKind("NetConfig").GroupKind(), newCfg.Name, allErrs)
 			}
 
 			allErrs = valiateNetworksChanged(tt.newSpec.Networks, tt.oldSpec.Networks, basePath)
 			if len(allErrs) > 0 {
-				err = apierrors.NewInvalid(GroupVersion.WithKind("NetConfig").GroupKind(), new.Name, allErrs)
+				err = apierrors.NewInvalid(GroupVersion.WithKind("NetConfig").GroupKind(), newCfg.Name, allErrs)
 			}
 
 			if tt.expectErr {

apis/network/v1beta1/netconfig_webhook_test.go

@@ -61,7 +61,7 @@ func (r *Reservation) ValidateCreate() (admission.Warnings, error) {
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *Reservation) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+func (r *Reservation) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) {
 	reservationlog.Info("validate update", "name", r.Name)
 
 	// TODO(user): fill in your validation logic upon object update.